Fix CORS, timezone y configuraciones para producción

- Actualizar middleware CORS para permitir orígenes de producción y apps móviles
- Cambiar timezone de America/Tijuana a America/Mexico_City en PostulationController
- Agregar configuración de Google Maps
- Agregar servicio de notificaciones push

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/Http/Middleware/Cors.php

@@ -12,15 +12,27 @@ class Cors
      */
     public function handle($request, Closure $next)
     {
+        $allowedOrigins = [
+            'http://localhost',
+            'https://localhost',
+            'ionic://localhost',
+            'https://jobhero.consultoria-as.com',
+            'https://jobhero-api.consultoria-as.com',
+            'capacitor://localhost',
+            'http://localhost:8100'
+        ];
 
-        $allowedOrigins = ['http://localhost', 'ionic://localhost'];
+        $origin = $request->server('HTTP_ORIGIN');
 
-          if (in_array($request->server('HTTP_ORIGIN'), $allowedOrigins)) {
-              return $next($request)
-                  ->header('Access-Control-Allow-Origin', $request->server('HTTP_ORIGIN'))
-                  ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
-                  ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, X-XSRF-TOKEN');
-          }
+        // Allow requests from mobile apps (no origin or capacitor/ionic)
+        if (empty($origin) || in_array($origin, $allowedOrigins)) {
+            $response = $next($request);
+            $allowOrigin = empty($origin) ? '*' : $origin;
+            return $response
+                ->header('Access-Control-Allow-Origin', $allowOrigin)
+                ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
+                ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, X-XSRF-TOKEN');
+        }
 
         return $next($request);
     }